Published: April 15, 2026
OpenAI released GPT-5.4-Cyber on April 14, 2026, a variant of GPT-5.4 fine-tuned for defensive cybersecurity tasks including binary reverse engineering, vulnerability analysis, and malware triage. The model is available only to vetted participants in OpenAI’s Trusted Access for Cyber (TAC) program, which is scaling to thousands of individual defenders and hundreds of security teams. GPT-5.4-Cyber has lower refusal thresholds than standard GPT-5.4 for legitimate security work, allowing approved users to analyze compiled software at the machine-code level without needing source access.
What can GPT-5.4-Cyber do?
GPT-5.4-Cyber is built to support three defensive workflows: binary reverse engineering, vulnerability scanning, and malware analysis. It can inspect compiled software at the machine-code level to identify security issues, reason about exploit paths, and assess robustness of code that defenders do not control. Previous generations of GPT either refused these tasks or required heavy prompting to engage with them. By lowering the refusal boundary for verified users, OpenAI is giving approved defenders a capability that was previously limited to specialized reverse engineers and threat hunters.
The model is deployed as an endpoint inside the TAC program rather than a general API product. Access is tiered, and higher verification levels unlock progressively more capability. GPT-5.4-Cyber sits at the highest tier.
GPT-5.4-Cyber benchmarks and technical specs
OpenAI has not published a separate parameter count or full system card for the Cyber variant, but its base model GPT-5.4 is the reference point for capability. On OpenAI’s internal capture-the-flag (CTF) benchmark, performance climbed from 27 percent on GPT-5 in August 2025 to 76 percent on GPT-5.1-Code, with GPT-5.4 class models scoring higher still. Cybersecurity researchers are the primary intended user group, and the model is tuned to respond to security questions with the same analytical posture it uses for code review.
GPT-5.4-Cyber inherits the long context window and tool-use architecture of GPT-5.4. It supports binary disassembly workflows, structured vulnerability reports, and integration with fuzzers and static analysis tooling through function calling.
How does GPT-5.4-Cyber compare to Claude Mythos?
The release positions OpenAI directly against Anthropic’s Claude Mythos Preview, which was announced on April 7, 2026 under Anthropic’s Project Glasswing. Claude Mythos scored 83.1 percent on CyberGym and is restricted to roughly 40 to 50 partner organizations. GPT-5.4-Cyber targets a broader base of individual defenders and teams through the TAC program rather than a narrow set of enterprise partners. The two models represent different access models for frontier cybersecurity AI: Mythos is a closed enterprise pilot, while GPT-5.4-Cyber is a vetted but scalable defender program.
GPT-5.4-Cyber availability and pricing
GPT-5.4-Cyber is not available on the public OpenAI API. Access requires enrollment and verification through the Trusted Access for Cyber program, first introduced by OpenAI in February 2026. OpenAI has said it will scale TAC to thousands of verified individual defenders and hundreds of teams during 2026. Pricing for GPT-5.4-Cyber has not been published separately from the TAC program’s tier structure.
Organizations that want access should apply through the TAC program page. Standard GPT-5.4 remains available on the OpenAI API for general use and does not require TAC enrollment.
For full details, see OpenAI’s announcement and TAC program page.
GPT-5.4-Cyber is OpenAI’s first production model explicitly scoped to defensive cybersecurity work, delivered through a verified access program rather than the public API.
